• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

China-linked group Houken hit French organizations using zero-days

 | 

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

 | 

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

 | 

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

 | 

Cisco removed the backdoor account from its Unified Communications Manager

 | 

U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

 | 

Qantas confirms customer data breach amid Scattered Spider attacks

 | 

CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

 | 

U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

 | 

A sophisticated cyberattack hit the International Criminal Court

 | 

Esse Health data breach impacted 263,000 individuals

 | 

Europol dismantles €460M crypto scam targeting 5,000 victims worldwide

 | 

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

 | 

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

 | 

Canada bans Hikvision over national security concerns

 | 

Denmark moves to protect personal identity from deepfakes with new copyright law

 | 

Ahold Delhaize data breach affected over 2.2 Million individuals

 | 

Facebook wants access to your camera roll for AI photo edits

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

 | 

Security Affairs newsletter Round 530 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Protonmail hacked? …. No, it is a very strange scam attempt

Protonmail hacked? …. No, it is a very strange scam attempt

Pierluigi Paganini November 17, 2018

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail.

At the time it is not clear if the hacker belongs to a cyber crime gang, it claims to have stolen a “significant” amounts of data from the company.

The ransom demand (archive.is link) was posted on Pastebin, the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to American servers.

AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity (SRI) allowing tampering and data collection.

“We hacked Protonmail and have a significant amount of their data from the past few months.  We are offering it back to Protonmail for a small fee, if they decline then we will publish or sell user data to the world.” wrote the hacker.

“While Protonmail’s open-source code can be freely audited on Github, they haven’t configured the mandatory SRI feature (https://www.w3.org/TR/SRI/). This leaves users without any guarantee about their source code integrity, thus allowing tampering and data collection at anytime. This will be totally transparent and unnoticed, because without enabling SRI all the users should inspect the website runtime code and its connections manually in the same moment they’re being tampered with by Protonmail to discover it.”

“Incidentally during this period we noticed that Protonmail sends decrypted user data to American servers frequently.  This may be due to the Swiss MLAT treaty requiring swiss companies reveal all their data to the Americans.  However it also might be possible they are sending this decrypted user data to the American firm that owns them.  This was simply a surprising thing to note but did not significantly influence our operation.” added the hacker.

ProtonMail denied having been hacked that added that this is just a hoax.

This extortion attempt is a hoax and have seen zero evidence to suggest otherwise.

— Proton (@ProtonPrivacy) November 16, 2018

Below the ProtonMail reply to a Reddit thread:

“This extortion attempt is a hoax and we have seen zero evidence to suggest otherwise.” states the company.

“A closer reading of some of the claims, e.g. “circumventing the Geneva convention, underwater drone activities in the Pacific Ocean, and possible international treaty violations in Antarctica”, etc, should also cause a reasonable observer to draw the same conclusion.”

ProtonMail confirmed to be aware of a limited number of hacked accounts that have been compromised likely through credential stuffing of phishing attacks, but excluded that its systems have been breached.

“As many of you may be aware, earlier today, criminals attempted to extort ProtonMail by alleging a data breach, with zero evidence. An internal investigation turned up two messages from the criminals involved, which again repeated the allegations with zero evidence, and demanded payment. We have no indications of any breach from our internal infrastructure monitoring.” wrote the company.

“Like any good conspiracy theory, it is impossible to disprove a breach. On the other hand, a breach can be easily proven by providing evidence. The lack of evidence strongly suggests there is no breach, and this is a simple case of online extortion.”

protonmail hacked

The hackers are claiming they have data on Michael Avenatti and CNN employees.

The hacker is also offering $20 USD in bitcoin for spreading info about the alleged hack using the #Protonmail hashtag on Twitter.

This is a very strange and anomalous scam attempt, the hackers used a mix of appealing info and political data. Why mention Avenatti in a scam attempt? Is it a message to someone? Why hackers did not publish a sample of stolen data?

Stay Tuned…

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Protonmail, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Cybercrime hoax Pierluigi Paganini ProtonMail protonmail hacked SecurityAffairs

you might also like

Pierluigi Paganini July 03, 2025
China-linked group Houken hit French organizations using zero-days
Read more
Pierluigi Paganini July 03, 2025
Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    China-linked group Houken hit French organizations using zero-days

    APT / July 03, 2025

    Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

    Data Breach / July 03, 2025

    Europol shuts down Archetyp Market, longest-running dark web drug marketplace

    Cyber Crime / July 03, 2025

    Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

    Uncategorized / July 03, 2025

    Cisco removed the backdoor account from its Unified Communications Manager

    Security / July 02, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT